1. Field of the Invention
The present invention relates to the field of quantum communication systems. More specifically, the present invention relates to decoders for quantum communication systems and a decoding method for quantum communication systems.
2. Discussion of the Background
There is often a need to communicate a message in secret over a channel which can potentially be intercepted by an eavesdropper. Traditionally, such a problem has been addressed by encrypting or enciphering the message using a secret key. Quantum communication provides a highly secure method for sending such a key. By encoding the key on a series of single photons, where each photon carries 1 bit of information encoded as a quantum state of the photon (e.g. polarisation, phase or energy/time of the photon), an eavesdropper cannot intercept the key without at least partially changing the key. It is not possible to completely prevent an eavesdropper from obtaining the key, but he or she will be detected.
A common protocol for distributing a secret key using single photons or weak coherent pulses is known as BB84 (Bennett et al. Proceedings of the IEEE International Conference on Computers, Systems and Signal Processing, Bangalore, India (IEEE, New York 1984) p 175).
In BB84, the bit state 0 or 1 is encoded onto a certain physical property of a photon, such as polarisation or phase delay in an interferometer. Each bit (1 or 0) may be represented using two orthogonal states in one of two non-orthogonal bases. One of the states in each basis codes for 0, the other codes for 1. For example, for phase encoding, the first basis may be defined by applying a phase shift of 0° or 180° to a photon passing through an interferometer, whereas the second basis may be defined by applying a phase shift of 90° or 270° to a photon passing through an interferometer. In the BB84 protocol the assignment of bit values to particular qubit states is agreed in advance and fixed. For polarisation encoding, one basis may be defined by vertically or horizontally polarising a photon and the other basis is defined by two polarisation states at 45° to the vertical and horizontal states.
The remainder of the discussion will concentrate on phase encoding, but the same principles apply to polarisation encoding. The phase state for each photon transmitted from sender (often referred to as Alice) to receiver (referred to as Bob) is chosen to be in one of the four states. These four states correspond to 0 and 1 in the two non-orthogonal encoding bases. Alice chooses at random the bit value (0 or 1) and the encoding basis for each photon and transmits the appropriate state to Bob. For each photon, Bob chooses at random in which basis to measure.
If Bob chooses, for a particular photon, the same basis for his measurement as Alice used to encode, he will be able to measure the received state deterministically, or in other words with a theoretical accuracy of 100%. However, if he uses a different basis from Alice there is a finite probability that he will determine the wrong bit value. If the overlap integral between states in the two bases is 0.5 (i.e. if the bases are offset by 90° in the case of phase encoding), and Bob chooses a different basis to Alice, he has only a 50% chance of determining the correct result and a 50% chance of error.
After the measurement has been made, Alice and Bob communicate with one another over a classical channel. In the BB84 protocol, Alice and Bob compare the encoding and measurement bases that they have used and agree only to keep the results when they have used the same bases, a process known as sifting. The results from any measurements performed using an incorrect basis are discarded. This means that, typically, the results from half of the measured photons will be discarded.
A malicious eavesdropper, Eve, listening in to Alice and Bob's communication, could intercept some or all of the photons. Like Bob, she will not know which basis to use to measure the photons encoded by Alice. For the sake of simplicity we shall assume that Eve makes a random choice of measurement bases for each photon. Thus, if we assume that Alice encodes in the two bases with equal frequency, Eve will, on average, select the correct basis half of the time.
If Eve chooses a measurement basis which is non-orthogonal to Alice's encoding basis, her measurement will unavoidably alter the state of the photon from that encoded by Alice. In practice Eve's measurement will destroy the photon and she will therefore have to generate another photon for transmission to Bob. If Eve measures in the wrong basis, she will regenerate this photon in a different phase state from that originally prepared by Alice.
On average, Eve will guess an incorrect basis, and will thus alter the encoded state of the photon, with a probability of 0.5. This will result in a ~25% error rate in Bob's measurement results on average. Alice and Bob can therefore test if Eve has intercepted their communication by monitoring the error rate in their shared bit sequence. This they can do by comparing a subset of their shared bit sequence, selected from the bit sequence at random.
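The sifting step and the error-rate check described above can be reproduced with a small simulation. This is an added example, not part of the original text; it assumes an ideal channel (no loss, no dark counts, one photon per pulse), and the names run_bb84 and estimate_qber are illustrative.

```python
import random

def measure(bit, prep_basis, meas_basis, rng):
    """Same basis: deterministic result. Different basis (overlap 0.5): random bit."""
    return bit if prep_basis == meas_basis else rng.randint(0, 1)

def run_bb84(n_photons, eve_present, seed=1):
    """Return Alice's and Bob's sifted bit sequences for n_photons transmissions."""
    rng = random.Random(seed)
    alice_key, bob_key = [], []
    for _ in range(n_photons):
        bit, a_basis = rng.randint(0, 1), rng.randint(0, 1)
        tx_bit, tx_basis = bit, a_basis
        if eve_present:
            # Eve measures in a random basis, then regenerates the photon
            # in the state she observed, prepared in her own basis.
            e_basis = rng.randint(0, 1)
            tx_bit = measure(bit, a_basis, e_basis, rng)
            tx_basis = e_basis
        b_basis = rng.randint(0, 1)
        result = measure(tx_bit, tx_basis, b_basis, rng)
        if b_basis == a_basis:  # sifting: keep only matching-basis events
            alice_key.append(bit)
            bob_key.append(result)
    return alice_key, bob_key

def estimate_qber(alice_key, bob_key, sample_size, seed=2):
    """Compare a randomly selected subset of the sifted bits and return the error rate."""
    rng = random.Random(seed)
    positions = rng.sample(range(len(alice_key)), sample_size)
    errors = sum(alice_key[i] != bob_key[i] for i in positions)
    return errors / sample_size

if __name__ == "__main__":
    for eve in (False, True):
        a, b = run_bb84(20000, eve_present=eve)
        print(f"eve={eve} sifted={len(a)} sampled error rate={estimate_qber(a, b, 2000):.3f}")
```

The compared subset has been disclosed on the classical channel, so those positions are dropped from the key after the check.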
The security of the BB84 protocol has been proven theoretically on the assumptions that (i) information of which detector detects a photon is not accessible to Eve, and (ii) the two single photon detectors have the same characteristics, for example, detection efficiency and dark count rate. Any violation of the above assumptions may compromise security in quantum communication systems.
In reality, the assumptions above rarely hold. First, Eve may be able to obtain information about the key by using so-called “side-channel” information. Generally, in quantum communication systems, the detectors used are avalanche photodiodes which amplify the single photon received using an avalanche process. This avalanche process also causes light emission from the device. Thus, a non-authorised person watching the detectors can tell which detector flashed and hence the bit value Bob will allocate to the detected photon. Thus, if Eve can determine which detector flashed and obtain information about which results are kept by intercepting the classical channel, she is able to obtain all of the key without generating any errors in the key and thereby remain hidden.
Second, it is difficult in practice to have identical photon detectors for a quantum communication system. It is widely known that the single photon detection efficiency of InGaAs avalanche photodiodes varies from 5% to 20%, and the detector dark count rate can vary by a few orders of magnitude. Imbalance between the detectors can seriously compromise security. The imbalance leads to the formation of keys which are biased in their frequency of bit=0 or bit=1, due to the difference in the efficiencies of the two detectors and a fixed bit assignment to each photon detector. This will impair the randomness of the key, and thereby degrade the security as the key is chosen from a reduced set of possible values. Moreover, there is no theoretical security proof of the BB84 protocol with two non-identical photon detectors.
In a case of extreme imbalance in detection efficiency, i.e. one detector is completely dead, BB84 will be unable to form any secure key at all. The bit sequence formed between Alice and Bob will be all zeros or all ones. A system using BB84 is not fault-tolerant.
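The effect of detector imbalance on key randomness can be quantified with a short simulation. This is an added example, not part of the original text; it assumes matched-basis events only, no dark counts, and a fixed assignment of bit 0 to one detector and bit 1 to the other, and the function names are illustrative.

```python
import math
import random

def simulated_fraction_of_ones(eta0, eta1, n_photons, seed=3):
    """Fraction of 1s in the key when the bit-0 and bit-1 detectors have
    efficiencies eta0 and eta1. Returns None if nothing was detected."""
    rng = random.Random(seed)
    counts = [0, 0]
    for _ in range(n_photons):
        bit = rng.randint(0, 1)          # Alice's bits are uniformly random
        eta = eta1 if bit else eta0      # fixed bit-to-detector assignment
        if rng.random() < eta:           # photon registered with probability eta
            counts[bit] += 1
    total = sum(counts)
    return counts[1] / total if total else None

def expected_fraction_of_ones(eta0, eta1):
    """Analytic value the simulation converges to."""
    return eta1 / (eta0 + eta1)

def min_entropy_per_bit(p_one):
    """Min-entropy of one key bit: 1.0 for an unbiased bit, 0.0 for a constant bit."""
    return -math.log2(max(p_one, 1.0 - p_one))

if __name__ == "__main__":
    # Efficiency pairs: balanced, the 5%/20% spread quoted above, one dead detector.
    for eta0, eta1 in [(0.10, 0.10), (0.05, 0.20), (0.0, 0.20)]:
        p = simulated_fraction_of_ones(eta0, eta1, 200000)
        print(f"eta0={eta0} eta1={eta1} P(bit=1)={p:.3f} "
              f"min-entropy/bit={min_entropy_per_bit(p):.3f}")
```

With efficiencies of 5% and 20% about 80% of the key bits are 1, leaving roughly 0.32 bits of min-entropy per key bit; with one detector dead the key is constant and carries none.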
The BB84 protocol does not allow efficient use of avalanche photodiode based single photon detectors. The avalanche process generates a large number of charge carriers within the diode, forming an easily detectable current. Some of these carriers may be localised at hetero-junctions or at trap states within the semiconductor. Carriers confined in such traps can have a lifetime of up to several microseconds. If the diode is biased above the avalanche breakdown threshold before the trapped carriers have decayed, there is a possibility that a trapped carrier could be released and then trigger another avalanche. The resultant spurious signal is called an ‘afterpulse’. To minimise the rate of afterpulse counts, the APD has to be biased inactive for a sufficiently long time to allow most of the trapped charge to decay. This is usually achieved by using clock-blanking circuitry which removes a number of following APD biasing gates after a photon detection event. In the BB84 protocol, both detectors have to be biased inactive for a long time after a photon detection from either photon detector. Otherwise, correlation of bit values can be formed in the final key, which leaks information to Eve.
The BB84 protocol is vulnerable to photon number splitting attacks by a malicious eavesdropper. The photon number splitting attack is one of the most efficient attacks on weak pulse quantum key distribution systems. This vulnerability exists because an attenuated laser will inevitably produce some pulses containing more than one photon. Multi-photon pulses emitted by Alice can allow Eve to gain information about Alice and Bob's shared key without introducing any errors to the key, thereby allowing her to remain hidden.
In the photon number splitting attack, Eve removes and stores one or more photons from each multiphoton pulse and passes the remainder of the pulse to Bob. She can then measure the stored photon after Alice and Bob reveal their encoding bases, and thereby gain full information from that pulse without causing an error in Alice and Bob's shared key. This type of attack is particularly dangerous for systems which use an attenuated laser as the signal source. To achieve more secure communication, the contribution of the multiphoton pulses to Alice and Bob's shared key can be removed through privacy amplification.